On December 9, 2021, Apache released a security advisory addressing a remote code execution vulnerability (CVE-2021-44228) affecting its Log4j Java-based logging utility. For more information on the LogJ4 vulnerability, see LogJ4 Vulnerability: What Security Leaders Need to Know and Do.
OnePlan does not use any part of the LogJ4 library.
However, it is possible that solutions outside of OnePlan that are connected to OnePlan (integrated systems such as Salesforce, Workday etc.) may be using LogJ4 in their applications.
Microsoft Defender AV should be detecting if any of your installed java apps have been exploited.